static public bool IsCorrectUnpacker(ExeImageLoader exe, byte[] rawImg)
{
int offset = ExePackHeaderOffset(exe);
return(LoadedImage.CompareArrays(rawImg, offset, signature, signature.Length) ||
LoadedImage.CompareArrays(rawImg, offset, signature2, signature2.Length));
}
public ExePackLoader(IServiceProvider services, string filename, byte[] imgRaw)
: base(services, filename, imgRaw)
{
arch = new IntelArchitecture(ProcessorMode.Real);
platform = new MsdosPlatform(Services, arch);
var exe = new ExeImageLoader(services, filename, imgRaw);
this.exeHdrSize = (uint)(exe.e_cparHeader * 0x10U);
this.hdrOffset = (uint)(exe.e_cparHeader + exe.e_cs) * 0x10U;
ImageReader rdr = new LeImageReader(RawImage, hdrOffset);
this.ip = rdr.ReadLeUInt16();
this.cs = rdr.ReadLeUInt16();
rdr.ReadLeUInt16();
this.cbExepackHeader = rdr.ReadLeUInt16();
this.sp = rdr.ReadLeUInt16();
this.ss = rdr.ReadLeUInt16();
this.cpUncompressed = rdr.ReadLeUInt16();
int offset = ExePackHeaderOffset(exe);
if (LoadedImage.CompareArrays(imgRaw, offset, signature, signature.Length))
{
relocationsOffset = 0x012D;
}
else if (LoadedImage.CompareArrays(imgRaw, offset, signature2, signature2.Length))
{
relocationsOffset = 0x0125;
}
else
{
throw new ApplicationException("Not a recognized EXEPACK image.");
}
}
/// <summary>
/// Peeks at the beginning of the image to determine if it's an XML file.
/// </summary>
/// <remarks>
/// We do not attempt to handle UTF-8 encoded Unicode BOM characters.
/// </remarks>
/// <param name="image"></param>
/// <returns></returns>
private static bool IsXmlFile(byte[] image)
{
if (LoadedImage.CompareArrays(image, 0, new byte[] { 0x3C, 0x3F, 0x78, 0x6D, 0x6C }, 5)) // <?xml
{
return(true);
}
return(false);
}
static public bool IsCorrectUnpacker(ExeImageLoader exe, byte [] rawImg)
{
if (exe.e_ovno != 0)
{
return(false);
}
return(LoadedImage.CompareArrays(rawImg, (int)signatureOffset, signature, signature.Length));
}
// EXE header test (is it LZEXE file?)
static public bool IsCorrectUnpacker(ExeImageLoader exe, byte [] rawImg)
{
if (exe.e_ovno != 0 || exe.e_lfaRelocations != 0x1C)
{
return(false);
}
int lzHdrOffset = ((int)exe.e_cparHeader + (int)exe.e_cs) << 4;
int entry = lzHdrOffset + exe.e_ip;
return(LoadedImage.CompareArrays(rawImg, entry, s_sig91, s_sig91.Length) ||
LoadedImage.CompareArrays(rawImg, entry, s_sig90, s_sig90.Length));
}
private void Validate(ExeImageLoader exe)
{
this.lzHdrOffset = (exe.e_cparHeader + exe.e_cs) << 4;
// Locate the LzExe header and verify signature.
byte[] abC = RawImage;
int entry = lzHdrOffset + exe.e_ip;
if (LoadedImage.CompareArrays(abC, entry, s_sig90, s_sig90.Length))
{
// Untested binary version
isLz91 = false;
throw new NotImplementedException("Untested");
}
else if (LoadedImage.CompareArrays(abC, entry, s_sig91, s_sig91.Length))
{
isLz91 = true;
}
else
{
throw new ApplicationException("Image is not an LzExe-compressed binary");
}
}
